Company Description
Carabao Group Public Co., Ltd. is a leading Thai beverage company best known for its flagship energy drink brand Carabao Dang, first launched in 2002. The business originated as Carabao Tawandang Co. Ltd., a joint venture between the founder and lead singer of the Carabao band and German Tawandang Brewery. As the company expanded, it evolved into a fully integrated enterprise with capabilities spanning sourcing, production, marketing, and distribution. Carabao Group was established in 2014 and is listed on the Stock Exchange of Thailand (SET), reflecting its strong growth and long-term strategic vision. The company continues to invest in innovation, brand development, and operational excellence to serve diverse consumer markets in Thailand and beyond.
Role Description
This is a full-time, on-site Cybersecurity Compliance Manager role based in Bangkok. The Cybersecurity Compliance Manager is responsible for developing, implementing, and maintaining cybersecurity policies, standards, and procedures aligned with relevant laws, regulations, and industry frameworks. In this role, you will coordinate and conduct security risk assessments, compliance audits, and gap analyses across systems, applications, and vendors, and track remediation activities to closure. You will collaborate closely with IT, legal, internal audit, and business teams to ensure secure-by-design practices, effective incident response processes, and adherence to data protection requirements. The role also involves preparing compliance reports and documentation for internal stakeholders and regulators, managing cybersecurity awareness and training initiatives, and monitoring emerging threats and regulatory changes to continuously improve the organization's security posture.
Qualifications
- Strong knowledge of cybersecurity frameworks and standards (e.g., ISO 27001/27002, NIST, CIS Controls) and experience implementing security policies, standards, and procedures.
- Experience with IT risk management, security controls assessment, and compliance audits, including documenting findings and overseeing remediation plans.
- Understanding of data protection and privacy regulations (e.g., PDPA, GDPR or similar) and their application in enterprise environments.
- Hands-on familiarity with security operations concepts (e.g., incident response, vulnerability management, access control, logging and monitoring).
- Proficiency in creating clear security documentation, including policies, guidelines, workflows, and compliance reporting for technical and non-technical audiences.
- Excellent analytical, problem-solving, and decision-making abilities, with a structured approach to managing multiple projects and deadlines.
- Strong communication and stakeholder management skills, with the ability to influence cross-functional teams and present complex security topics clearly.
- Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field; relevant certifications such as CISSP, CISM, CISA, ISO 27001